0x25/useful

GitHub: 0x25/useful

一份涵盖渗透测试全生命周期工具的分类索引笔记,帮助安全从业者按场景快速查找和使用各类安全工具。

Stars: 67 | Forks: 13

``` ____ ___ _____ .__ | | \______ _____/ ____\_ __| | ______ ______ | | / ___// __ \ __\ | \ | ______ ______ /_____/ /_____/ | | /\___ \\ ___/| | | | / |__ /_____/ /_____/ |______//____ >\___ >__| |____/|____/ \/ \/ ``` 如果链接失效请提交 issue,谢谢 如果你喜欢我的分享,可以给我一些 XMR { 4Ahnr36hZQsJ3P6jowXvs7cLkSVbkq2KyfQBVURYVftcj9tDoA592wT1jskroZEk2QDEZFPYMLqVvJWZHecFwQ9nL15SzRG } ## 检测 yara;network;https://github.com/plusvic/yara haka;network;http://www.haka-security.org/ ## 识别 netdiscover;网络发现;http://www.tuto-linux.com/tutoriel/netdiscover-scan-furtif-dun-reseau-avec-arp/ nmap;网络扫描器;https://nmap.org/download.html recog;发现;https://github.com/rapid7/recog vulscan;nmap 脚本;https://github.com/scipag/vulscan synscan;网络扫描器;https://packetstormsecurity.com/files/download/62221/synscan-5.0.tar.gz webappalyzer;CMS 识别;https://wappalyzer.com/ builtwith;CMS 识别;http://builtwith.com/ nikto;web;https://github.com/sullo/nikto dirbuster;web;https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project fibratus;Windows 内核;https://github.com/rabbitstack/fibratus wafw00f;web;https://github.com/EnableSecurity/wafw00f skipfish;web;https://code.google.com/archive/p/skipfish/ lastaudit;Windows;https://lastaudit.wordpress.com/download/ subbrute;DNS;https://github.com/TheRook/subbrute ctfr;DNS;https://github.com/UnaPibaGeek/ctfr Dumb;DNS;https://github.com/giovanifss/Dumb BTA;活动目录;https://bitbucket.org/iwseclabs/bta portquiz;网络;http://portquiz.net/ massdns;DNS;https://github.com/blechschmidt/massdns domained;DNS;https://github.com/nilvalues/domained assetfinder;域名;https://github.com/tomnomnom/assetfinder dvcs-pillage;git;https://github.com/evilpacket/DVCS-Pillage dmitry;web;apt-get install dmitry sslyze;SSL;https://github.com/nabla-c0d3/sslyze ssltest.sh;SSL;https://github.com/drwetter/testssl.sh/ LHF recon;多用途;https://github.com/blindfuzzy/LHF pshtt;HTTPS;https://github.com/dhs-ncats/pshtt fuzzdb;模式列表;https://github.com/fuzzdb-project/fuzzdb sparta;Linux;http://sparta.secforce.com/ operative;指纹识别;https://github.com/graniet/operative-framework SIPvicious;SIP;https://github.com/EnableSecurity/sipvicious sharesniffer;Windows;https://github.com/shirosaidev/sharesniffer reversewhois;WHOIS;https://viewdns.info/reversewhois securitytrails;DNS 关键字;https://securitytrails.com/#search Interlace;Linux 多线程自动化;https://github.com/codingo/Interlace fuff;web;https://github.com/ffuf/ffuf amass;OWASP 信息收集;https://github.com/OWASP/Amass ## CVE cvedetails;;https://www.cvedetails.com/ opencve;;https://www.opencve.io/ mitre;;https://cve.mitre.org/ ## 漏洞研究 nmap;端口扫描器;https://nmap.org/ ngrep;被动扫描;https://linux.die.net/man/8/ngrep burp;web;http://portswigger.net/ caido;web;https://caido.io/fr Burp-Non-HTTP-Extension;web burp 插件;https://github.com/summitt/Burp-Non-HTTP-Extension zap;web;https://github.com/zaproxy/zaproxy/wiki/Downloads jsql-injection;SQLi;https://github.com/ron190/jsql-injection havij,sqli;http://itsecteam.com/ nessus;服务器;http://www.tenable.com/products/nessus/select-your-operating-system metasploit;渗透测试框架;http://www.rapid7.com/products/metasploit/ sniper;渗透测试;https://github.com/1N3/Sn1per BeEF;web;https://github.com/beefproject/beef aircrack;Wi-Fi;http://www.aircrack-ng.org/ airsnort;Wi-Fi;http://sourceforge.net/projects/airsnort/ webscarab;web Fuzzer;https://github.com/OWASP/OWASP-WebScarab jBroFuzz;web Fuzzer;https://sourceforge.net/projects/jbrofuzz/ wsfuzzer;SOAP Fuzzer;https://sourceforge.net/projects/wsfuzzer/files/ zuff;Fuzzer;https://github.com/samhocevar/zzuf/releases sulley;Fuzzer 框架;https://github.com/OpenRCE/sulley protofuzz;协议 Fuzzer;https://sourceforge.net/projects/protofuzz/ comraider;ActiveX Fuzzer;https://github.com/dzzie/COMRaider malybuzz;网络 Fuzzer;http://eternal-todo.com/tools/malybuzz-network-fuzzer peach;Fuzzer;http://www.peachfuzzer.com/resources/peachcommunity/ radamsa;Fuzzer;https://github.com/aoh/radamsa xsshunter;web XSS;https://github.com/mandatoryprogrammer/xsshunter xsspy;web;https://github.com/faizann24/XssPy/ kerberom;Windows;https://github.com/Fist0urs/kerberom BruteXSS;XSS;https://github.com/shawarkhanethicalhacker/BruteXSS otori;XXE;http://www.beneaththewaves.net/Software/On_The_Outside_Reaching_In.html#Downloads apktool;APK;http://ibotpeaches.github.io/Apktool/ fiddler;web;https://www.telerik.com/download/fiddler mimikittenz;Windows;https://github.com/putterpanda/mimikittenz choronzon;Fuzzer;https://github.com/CENSUS/choronzon smod;modbus;https://github.com/enddo/smod vega;web;https://subgraph.com/vega ridenum;Windows;https://github.com/trustedsec/ridenum vsaudit;VOIP;https://github.com/sanvil/vsaudit Responder;Windows;https://github.com/lgandx/Responder PowerSploit;Windows;https://github.com/PowerShellMafia/PowerSploit LLMNR;PowerShell;https://github.com/nbs-system/php-malware-finder coerce;Windows;https://github.com/p0dalirius/Coercer mimipenguin;Linux;https://github.com/huntergregal/mimipenguin getsploit;getsploit;https://github.com/vulnersCom/getsploit winpayloads;Windows payloads;https://github.com/nccgroup/winpayloads CrackMapExec;网络扫描/AD;https://github.com/byt3bl33d3r/CrackMapExec netexec;扫描/攻破 AD;https://github.com/Pennyw0rth/NetExec PsMapExec,PowerShell 攻破 AD;https://github.com/The-Viper-One/PsMapExec mitm6;mitm ipv6 wpad;https://github.com/fox-it/mitm6 GyoiThon;web msf;https://github.com/gyoisamurai/GyoiThon badKarma;GUI;https://github.com/r3vn/badKarma PowerLine;https://github.com/fullmetalcache/PowerLine ysoserial;JAVA 序列化对象;https://github.com/frohoff/ysoserial evil-ssdp;UPNP;https://gitlab.com/initstring/evil-ssdp eavesarp;Python ARP;https://github.com/arch4ngel/eavesarp AD;文档;https://github.com/infosecn1nja/AD-Attack-Defense/ baboossh;用于 SSH 的 cme;https://github.com/cybiere/baboossh Blacklist3r;ASP.NET;https://github.com/NotSoSecure/Blacklist3r/releases/tag/3.0 xinPEAS;Windows;https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS fakedns;DNS;https://github.com/Crypt0s/FakeDns evil-winrm;Windows;https://github.com/Hackplayers/evil-winrm WinPwn;PS;https://github.com/S3cur3Th1sSh1t/WinPwn nuclei;web;https://github.com/projectdiscovery/nuclei ## API autosawgger;web;https://github.com/intruder-io/autoswagger ## exploit jexboss;jboss;https://github.com/joaomatosf/jexboss gtfobins;Linux;https://gtfobins.github.io/ wadcoms;;https://wadcoms.github.io/#+No%20Creds ## PowerShell MailSniper;PS;https://github.com/dafthack/MailSniper ## 混淆 pyobfuscator;Python;https://github.com/nlog2n/pyobfuscator ## 内网穿透/枢纽 ssf;跨平台;https://securesocketfunneling.github.io/ssf/ ## SQLi mssql-cli;MSSQL 客户端命令行;https://docs.microsoft.com/fr-fr/sql/tools/mssql-cli?view=sql-server-2017 sqlmap;SQLi;http://sqlmap.org/ ## 审计 nipper;防火墙;www.titania.com lynis;Linux;https://cisofy.com/lynis/ Nix auditor;Redhat;https://github.com/XalfiE/Nix-Auditor scan-build;C;http://clang-analyzer.llvm.org/scan-build.html debsecan;Debian;http://www.enyo.de/fw/software/debsecan/ lunar;Linux;https://github.com/lateralblast/lunar dockerscan;Linux;https://github.com/cr0hn/dockerscan pingcastle;AD;https://www.pingcastle.com/ ADRecon;AD;https://github.com/sense-of-security/ADRecon jomscan;Joomla;https://github.com/rezasp/joomscan linEnum;Linux;https://github.com/rebootuser/LinEnum/blob/master/LinEnum.sh PEAS;Linux/Windows;https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite HardeningKitty;Windows;https://github.com/scipag/HardeningKitty ## 代码审计 sonarqube;;https://www.sonarqube.org/ exakat;PHP;https://www.exakat.io/ SCARY;PHP;https://github.com/ewilded/SCARY ## 密码学 keylength;;密钥长度;https://www.keylength.com factorize;;http://factordb.com/ ## 破解/暴力破解 hashcat;哈希;http://hashcat.net/hashcat/ john;哈希;http://www.openwall.com/john/ Durvasav-BfPC;哈希;https://github.com/vishnumaiea/Durvasav-BfPC princeprocessor;算法;https://github.com/hashcat/princeprocessor hashview;hashcat 分布式 GUI;http://www.hashview.io/ mdxfind;多哈希, CPU;https://www.techsolvency.com/pub/bin/mdxfind/ bitlocker;Linux;https://github.com/e-ago/bitcracker ## 恶意软件 luckystrike;XLSX;https://github.com/Shellntel/luckystrike dasmalwerk;恶意软件下载;http://dasmalwerk.eu/   malware-traffic-analysis;数据库与分析;http://www.malware-traffic-analysis.net joesandox;沙箱;https://www.joesandbox.com/ ## IDS/IPS ## 域名拼写抢注 ; 域名排列组合 urlcrazy;DNS 域名拼写抢注;https://tools.kali.org/information-gathering/urlcrazy dnstwist;DNS 域名抢注;https://github.com/elceef/dnstwist ## 打印机 cred;LDAP;https://www.ceos3c.com/hacking/obtaining-domain-credentials-printer-netcat/ ## 防火墙 fireaway;NGFW 绕过;https://github.com/tcstool/fireaway ## 蜜罐 honeycomb;蜜罐;https://github.com/Cymmetria/honeycomb ## 逆向 gdbEnhanced;Linux;https://gef.readthedocs.io/en/master/ gdb;Linux;http://www.gnu.org/software/gdb/download/ gdb.init;Linux;https://gist.github.com/CocoaBeans/1879270 gdb UI;Linux;https://github.com/cs01/gdbgui/ peda;gdb;https://github.com/longld/peda ida;Windows/Linux;https://www.hex-rays.com/products/ida/support/download.shtml radar;Windows/Linux;http://radare.org/r/down.html objdump;Linux; ollydbg;Windows;http://www.ollydbg.de/ binwalk;固件;http://binwalk.org/ peid;Windows;https://www.aldeid.com/wiki/PEiD dnSpy;.NET;https://github.com/0xd4d/dnSpy veles;二进制文件;https://codisec.com/veles/ scdbg;shellcode 分析;http://sandsprite.com/blogs/index.php?uid=7&pid=152 binaryNinja;逆向平台;https://binary.ninja/ ## 文件搜索/取证 foremost;Linux; photorec;Linux; hachoir-subfile;Linux;apt-get install python-hachoir-subfile testdisk;;http://www.cgsecurity.org/wiki/TestDisk_FR RecuperaBit;重建文件;https://github.com/Lazza/RecuperaBit peepdf;PDF;http://eternal-todo.com/tools/peepdf-pdf-analysis-tool bucket;;buckets.grayhatwarfare.com gitminer;git 搜索;https://github.com/UnkL4b/GitMiner DeepBlueCLI;PS;https://github.com/sans-blue-team/DeepBlueCLI dfir;Windows;https://dfir-orc.github.io/ ## 网络 t50;网络;https://sourceforge.net/projects/t50/ tcpdump;Linux tshark;Linux/Windows wireshark;Linux/Windows netcat/nc;Linux sniffles;生成器;https://github.com/petabi/sniffles dnscat2;隧道;https://github.com/iagox86/dnscat2 petabi;PCAP 生成器;http://petabi.com/ netsniff-ng;网络;https://github.com/netsniff-ng/netsniff-ng Pcapviz;PCAP 图形化;https://github.com/mateuszk87/PcapViz iftop;Linux 状态;iftop dns2tcp;隧道;https://tools.kali.org/maintaining-access/dns2tcp serveo;将本地服务发布到 DNS;https://serveo.net/ tcpproxy;Python;https://github.com/ickerwx/tcpproxy ## 搜索引擎 shodan;搜索引擎;https://www.shodan.io censys;搜索引擎;https://www.censys.io/ exploitsearch;exploit;http://www.exploitsearch.net/ exploit-db;exploit;https://www.exploit-db.com/ vulnerabilities,vuln;https://www.seebug.org/ ## 电子书/杂志 International Journal of Proof-of-Concept or Get The Fuck Out;电子书;https://www.alchemistowl.org/pocorgtfo/ xmco;法语;https://www.xmco.fr/actusecu/ pageout;英语;https://pagedout.institute/ ## 隐写术 Matroschka;隐写术;https://github.com/fgrimme/Matroschka ## 撰写渗透测试报告 public-pentesting-reports;报告;https://github.com/juliocesarfort/public-pentesting-reports cure53;出版物;https://cure53.de/#publications ## Android apkr;Android;https://github.com/zerjioang/apkr genymotion;模拟器;https://www.genymotion.com MobSF;APK 分析;https://github.com/MobSF/Mobile-Security-Framework-MobSF Cheatsheet;指南, 帮助;https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet anbox;Linux 模拟器;https://anbox.io/ ## 学习 metasploit-unleashed;免费培训;https://www.offensive-security.com/metasploit-unleashed bWapp;web 漏洞;http://www.itsecgames.com/ building-your-own-pentesting-environment;实验室;http://resources.infosecinstitute.com/building-your-own-pentesting-environment/ webgoat;JAVA 漏洞;https://github.com/webgoat pwnos;漏洞;http://pwnos.com/ pentesterlab;培训;https://www.pentesterlab.com/ WordSteal;Linux;https://github.com/0x090x0/WordSteal websec;挑战;https://websec.fr maltran;恶意软件;https://github.com/MalwareReverseBrasil/maltran natas;挑战;http://overthewire.org/wargames/natas/ hackthebox;挑战;https://www.hackthebox.eu/en OSCP-Survival-Guide;OSCP;https://github.com/frizb/OSCP-Survival-Guide Awesome-Hacking-Resources;链接;https://github.com/vitalysim/Awesome-Hacking-Resources xvna;Node.js;https://github.com/vegabird/xvna oscp-like;虚拟机;https://www.abatchy.com/2017/02/oscp-like-vulnhub-vms virtualhackinglabs;非免费虚拟机;www.virtualhackinglabs.com hackingarticles;writeup;https://www.hackingarticles.in/ try hack me;挑战;https://tryhackme.com/ cryptohack;挑战;https://cryptohack.org/ picoCTF;挑战;https://picoctf.org/ ctf-katana;命令行;https://github.com/JohnHammond/ctf-katana hacktricks;命令行;https://book.hacktricks.xyz/ ## 后门与强化 tinyshell;PHP;https://github.com/lawrenceamer/tinyshell weevely;PHP 后门;http://tools.kali.org/maintaining-access/weevely php-reverse-shell;PHP 反弹;http://pentestmonkey.net/tools/web-shells/php-reverse-shell pupy;RAT;https://github.com/n1nj4sec/pupy ThunderShell;PS;https://github.com/Mr-Un1k0d3r/ThunderShell php-web-shell;PHP webshell 列表;https://github.com/JohnTroony/php-webshells b374k;PHP;https://github.com/b374k/b374k FFM;Python;https://github.com/JusticeRage/FFM revshells;;https://www.revshells.com/ ## 钓鱼 king-phisher;钓鱼;https://github.com/securestate/king-phisher/releases gophish;开源平台;https://getgophish.com/ SocialFish;Python;https://github.com/UndeadSec/SocialFish juda;代理;https://github.com/JonCooperWorks/judas evil nginx;代理;https://github.com/kgretzky/evilginx2 ## 字典 CeWL;基于 URL 的生成器;https://github.com/digininja/CeWL ## Wi-Fi scapy-fakeap;伪造 AP;https://github.com/rpp0/scapy-fakeap LANs;中间人攻击;https://github.com/DanMcInerney/LANs.py MITMf;中间人攻击 ++;https://github.com/byt3bl33d3r/MITMf Lans;中间人攻击;https://github.com/DanMcInerney/LANs.py wifi-pumpkins;AP 及更多;https://github.com/P0cL4bs/WiFi-Pumpkin hostapd;AP;https://doc.ubuntu-fr.org/hostapd eaphammer;EAP 伪造 AP;https://github.com/s0lst1c3/eaphammer audit-radius;RADIUS;https://github.com/ANSSI-FR/audit-radius PMKID 攻击;带外;https://hashcat.net/forum/thread-7717.html wifite2;自动化;https://github.com/derv82/wifite2 hostbase;Wi-Fi;https://github.com/Koala633/hostbase ## WMI wmie;资源管理器;https://wmie.codeplex.com/ ## 发行版 Converto;升级 VPS;https://github.com/developerkunal/Converto ## 红队 PlugBot-Plug;;https://github.com/redteamsecurity/PlugBot-Plug exploitpack;exploit kit;https://exploitpack.com responder;无哈希;https://threat.tevora.com/quick-tip-skip-cracking-responder-hashes-and-replay-them/ demiguise;HTA 文件下载浏览器;https://github.com/nccgroup/demiguise ScareCrow;Windows;https://github.com/optiv/ScareCrow vilain;;https://github.com/t3l3machus/villain ligolo-ng;DNS 渗透;https://github.com/nicocha30/ligolo-ng ## Web 服务 webservice;*;http://www.ws-attacks.org/Welcome_to_WS-Attacks ## Windows regshot;注册表快照;https://sourceforge.net/projects/regshot/ luckystrike;XLSX Word;https://www.shellntel.com/blog/2016/9/13/luckystrike-a-database-backed-evil-macro-generator privilege;Windows;http://www.sploitspren.com/2018-01-26-Windows-Privilege-Escalation-Guide/ Active-Directory-Exploitation-Cheat-Sheet;;https://github.com/buftas/Active-Directory-Exploitation-Cheat-Sheet obfuscatePS;Python;https://github.com/Unknow101/FuckThatPacker AD cheat sheet;;https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference/ lolbin;Windows;https://lolbas-project.github.io/ pypykatz;Python;https://github.com/skelsec/pypykatz hakatomb;Python;https://github.com/Processus-Thief/HEKATOMB ADPeas;PSH;https://github.com/61106960/adPEAS MITM DHCPV6;;https://github.com/RedTeamPentesting/pretender ## 数据库泄露 databases;数据库;https://www.databases.today/search.php weakpass;密码;http://weakpass.com/ hashes;hash:pass;https://hashes.org/leaks.php ## 蜜罐/信标 canary;token;https://canarytokens.org opencanary;HTTPS;https://github.com/thinkst/opencanary ## USB P4wnP1;Windows;https://github.com/mame82/P4wnP1 ## Rootkit Reptile; Linux;https://github.com/f0rb1dd3n/Reptile ## 硬件 espressobin;3 个以太网口;http://espressobin.net raspberry;迷你 PC;https://www.raspberrypi.org/ ## IOT baudrate;UART/COM;https://github.com/devttys0/baudrate ## Docker docker-explorer;Linux;https://github.com/google/docker-explorer deepce;Docker;https://github.com/stealthcopter/deepce ## 记事本 Huntpad;改进的记事本;http://www.syhunt.com/en/index.php?n=Products.SyhuntHuntpad ## CTF CTFd;Web 界面;https://github.com/CTFd/CTFd ## 域名拼写抢注 typofinder;;https://github.com/nccgroup/typofinder ## TOR multitor;Linux;https://github.com/trimstray/multitor ## 播客 nolimitsecu;法语;https://www.nolimitsecu.fr/ comptoirsecu;法语;https://www.comptoirsecu.fr/podcast/ blackhillsinfo;英语;https://www.blackhillsinfosec.com/podcasts/ darknetdiaries;英语;https://darknetdiaries.com/ no-log;法语;https://shows.acast.com/no-log CYBER;英语;https://open.spotify.com/show/3smcGJaAF6F7sioqFDQjzn?si=d145034375e647e9 hackandspeak;法语;https://anchor.fm/hacknspeak purplevoice;法语;https://www.radio.fr/podcast/purple-voice ## SNMP snmp-check;Ruby;http://www.nothink.org/codes/snmpcheck/index.php ## 教程 lesson;英语;https://www.thehacker.recipes/ ## 射频 radio;ISO;https://www.sigintos.com/ ## 其他 mailgun;邮件;http://www.mailgun.com/ anonymous;操作系统;https://www.whonix.org/ owasp test list;渗透测试;https://www.owasp.org/index.php/Testing_Checklist nmap (lua) IDE;nmap;http://halcyon-ide.org/ http-screenshot;nmap NSE;https://github.com/SpiderLabs/Nmap-Tools/blob/master/NSE/http-screenshot.nse penbox;渗透测试框架;https://github.com/x3omdax/PenBox wireguard;VPN;https://www.wireguard.io/ Serpico;渗透测试报告;https://github.com/SerpicoProject/Serpico winfsp;Windows;https://github.com/billziss-gh/winfsp encode;编码;https://encoder.mattiasgeniar.be/index.php vulnreport;报告;http://vulnreport.io/ metame;代码变异;https://github.com/a0rtega/metame stemjail; Jail;https://stemjail.github.io/ pwnmalw;恶意软件漏洞;https://www.pwnmalw.re/ screentogif;录制;https://screentogif.codeplex.com/ php-security-pitfalls;测试 Web 漏洞;https://github.com/joostvanveen/php-security-pitfalls SEI+CERT+Coding+Standards;代码规范;https://www.securecoding.cert.org/confluence/display/seccode/SEI+CERT+Coding+Standards HTTP-Over-Protocol;隧道;https://github.com/sakshamsharma/HTTP-Over-Protocol scans.io;数据库;https://scans.io/ agarri; nicolas gregoire;http://www.agarri.fr/en/index.html Linux_Exploit_Suggester;Linux;https://github.com/PenturaLabs/Linux_Exploit_Suggester Windows-Exploit-Suggester;Windows;https://github.com/GDSSecurity/Windows-Exploit-Suggester sandcat;浏览器;http://www.syhunt.com/sandcat/ dracos-linux;渗透测试 OS;http://www.dracos-linux.org/ OWASP;建议;https://github.com/OWASP Web_Application_Security_Testing_Cheat_Sheet;测试;https://www.owasp.org/index.php/Web_Application_Security_Testing_Cheat_Sheet cryptomator;云端加密;https://cryptomator.org/ awesome-pentest;工具;https://github.com/enaqx/awesome-pentest g0tmi1k;博客;https://blog.g0tmi1k.com CyberChef; 编码解码;https://gchq.github.io/CyberChef/ kakoune;文本编辑器;http://kakoune.org/ Parallel Processing Shell Script;Bash;https://github.com/louwrentius/PPSS cyberprobe;攻击监控;http://cyberprobe.sourceforge.net/ pushed;手机通知;https://pushed.co freegeoip;freegeoip;https://freegeoip.net awesome-malware-analysis;工具;https://github.com/rshipp/awesome-malware-analysis laverna;笔记;https://laverna.cc Metarouter;网络;https://wiki.mikrotik.com/wiki/Manual:Metarouter ShadowBuster;漏洞映射;https://github.com/indeedops/ShadowBuster certbot;免费 SSL 证书;https://certbot.eff.org/ panwdbl;恶意软件 IP 数据库;http://panwdbl.appspot.com/ conemu;Telnet 客户端;https://conemu.github.io/ testconnectivity;邮件头;https://testconnectivity.microsoft.com/ hiddent-tear;勒索软件代码;https://github.com/goliate/hidden-tear Heap Exploitation;学习;https://heap-exploitation.dhavalkapil.com/ pentest-cheat-sheets;渗透测试速查表;https://github.com/coreb1t/awesome-pentest-cheat-sheets osquery;审查;https://osquery.io/ postgresql_online_compiler;PostgreSQL;http://rextester.com/l/postgresql_online_compiler; pumascan;.NET 漏洞分析器;https://www.pumascan.com/ scikit-learn;Python 机器学习;http://scikit-learn.org cutycapt;Linux 命令行截图;http://cutycapt.sourceforge.net/ php rop gadget;PHP;https://www.ambionics.io/blog/php-generic-gadget-chains wireguard;VPN;https://www.wireguard.com/ atom;文本编辑器;https://atom.io/docs pbscan;大规模端口扫描器;https://github.com/gvb84/pbscan Ironsquirrel;用于浏览器的加密 exploit 投递;https://github.com/MRGEffitas/Ironsquirrel asciinema;Linux 命令行录制;https://asciinema.org/ ufw;Linux iptables;https://linuxconfig.org/how-to-install-and-use-ufw-firewall-on-linux phantom;编排;https://www.phantom.us/ goaccess;Web 报告;https://goaccess.io/ pwning win;Windows;https://crowdshield.com/blog.php?name=pwning-windows-domains-from-the-command-line automate action;Android;http://llamalab.com/automate/ gephi;Graphviz 工具;https://gephi.org/ macro;VBA;https://homputersecurity.com/2017/12/21/comment-pirater-un-systeme-windows-laide-dun-fichier-macro/ git clone;wget;https://blog.netspi.com/dumping-git-data-from-misconfigured-web-servers/ linux cmd;Linux;https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ crt.sh;SSL 证书;https://crt.sh bashbosster;配置管理;http://www.bashbooster.net/ gopacket;Go 数据包操作;https://github.com/google/gopacket up;交互式 grep;https://github.com/akavel/up payload;burp;https://github.com/1N3/IntruderPayloads owasp-modsecurity-crs;mod security 规则;https://github.com/SpiderLabs/owasp-modsecurity-crs inspec.io;强化;https://www.inspec.io/ Osquery;文件完整性监控;https://www.howtoforge.com/tutorial/how-to-setup-file-integrity-monitoring-fim-using-osquery-on-linux-server/ GPU;云;https://vast.ai/console/create/ DNSDumpster;DNS;https://dnsdumpster.com/ patrowl;发现;https://www.patrowl.io/ vault;密码管理器;https://www.vaultproject.io/; wifi;piZero;https://pwnagotchi.ai/ total commander;IDE;https://www.ghisler.com/accueil.htm jupyter;Python 记事本运行代码;https://jupyter.org/ easy2boot;启动;https://www.easy2boot.com/ scantron;;https://github.com/rackerlabs/scantron Portsentry;Linux;https://wiki.gentoo.org/wiki/PortSentry ssh+ssl;Linux;https://ostechnix.com/sslh-share-port-https-ssh/ ssh;;https://github.com/quantumsheep/sshs
标签:AI合规, 域环境安全, 威胁模拟, 逆向工具